Method and system for securely providing vehicle services data to a vehicle

ABSTRACT

A computer device, having at least two long-range wireless profiles and coupled with a communication bus of a vehicle, receives a notice that a vehicle-centric download for the computer device, or for a vehicle device coupled to the communication bus, is pending from a remote server. The vehicle computer device determines the size and security requirement associated with the pending download, and a current operational state of the vehicle. If the size or security requirement is low, a consumer-centric profile may be used for the download even if the vehicle is currently being used. If the download file size is large or requires very high security, or if a user is currently using the computer device according to the consumer-centric profile, the computer device may schedule the download to occur after receiving a trigger event occurrence message.

CROSS REFERENCE TO RELATED APPLICATION

This application is a continuation of, and claims priority under 35U.S.C. § 120 to, U.S. patent application Ser. No. 16/679,646 filed onAug. 17, 2017, and entitled “Method and system for securely providingvehicle services data to a vehicle,” the entirety of the contents ofwhich is incorporated herein.

FIELD

The field relates, generally, to managing wireless communication with amobile machine.

SUMMARY

Smart phones, tablets, laptops, and other similar mobile computers havecome into almost ubiquitous use with consumers, as well as withprofessional vehicle operators and equipment service personnel, and moreand more equipment, such as, vehicles, vending machines, coin-operatedmachines, currency-operated machines, credit/debit-card-operatedmachines, and smart-phone-operated machines can be wirelesslycontrolled, wirelessly operated, and wirelessly receive payment forproducts associated therewith from the mobile computer devices.Typically, vehicles, and other machines that may be operated wirelesslyfrom a user device (“UE”) (typically a smart phone, but may also be atablet, lap top computer, smart-watch, wearable device, or other similarwireless mobile device that can communicate with a wireless network,such as a cellular telephony/mobile data network, a Wi-Fi network, orvia a short range wireless link, such as Bluetooth or near fieldcommunication (“NFC”)) through interaction between the UE and a wirelessmobile device connected with the vehicle, or other machine. For purposesof simplicity and clarity, description herein will primarily be inreference to a vehicle as the wirelessly controllable device that may becontrolled by a UE, but concepts disclosed herein may also apply towirelessly controllable/interactive machines such as vending machines,sales kiosks (such as may be operated by business operators such asrestaurants and airlines for taking orders and ticketing, respectively),drones, audio/video entertainment device, gaming device, or the like.

In the vehicle context, a vehicle typically includes a communicationbus, which may be a controller area network (“CAN”) bus, or similar,that connects various sensors (e.g., engine-related,transmission-related, steering, braking, acceleration, and other sensorsthat detect vehicle operational information), and provides theoperational information from there to a central vehicle computer, suchas an engine control module (“ECM”). The vehicle may also include aplurality of operational modules that connect to the communication bus,which modules may include a starting system module, door lock/unlockactuators and related circuitry, window motors and associated circuitry,heating/ventilating, and air conditioning (“HVAC”) equipment andassociated circuitry, navigation system, infotainment system, and thelike. The modules may receive instructions from the ECM to perform suchactions as unlocking the vehicle's doors, operating one or more windows,starting the vehicle (i.e., cranking the engine or enabling operation ofan electric vehicle's propulsion system), operating the HVAC system, andthe like. The ECM may generate messages that cause operation of variousmodules and provide the operational message to the vehicle's CAN bus, orsimilar. The operational messages may be generated in response to auser's interaction with the vehicle (i.e. operating a key in a lock ofthe vehicle, entering a code with a push button pad or touchscreen,providing a voice command, or the like).

Or, the ECM may receive messages from an external source, such as avehicle telematics module, which may be referred to as a telematicscontrol unit (“TCU”). A TCU may be a computer device that has a computerprocessor and memory as well as circuitry for transmitting and receivingdata via long range and short range wireless links. Examples of longrange wireless link protocols include GSM, CDMA, LTE, and the like. ATCU may be a device that is fixed/installed into a vehicle when thevehicle is manufactured and that communicates with a vehiclecommunication bus such as a CAN. Alternatively, instead of beinginstalled when a vehicle is manufactured, a TCU may be a removabledevice that plugs into a diagnostic port of a vehicle, such as avehicle's OBD-II port, and communicates with a vehicle's CAN via thediagnostic port. In an aspect, some functionality of a TCU may beperformed by a user's user equipment device (“UE”) such as a smartphone, tablet, laptop, or the like, in communication with a removable orpermanently-installed computer device via short range wirelesslink./protocol, such as Bluetooth or Wi-Fi.

The TCU may receive operational/control information messages wirelesslyvia a long-range wireless communication network, such as a wirelessmobile network (i.e., a wireless cellular/data network that may supportLTE, CDMA, GSM technologies, or the like). The TCU may receiveoperational/control information messages that a telematics servicesprovider generates at an internet-connected telematics servicesprovider's network server, which may be referred to as a telematicsoperations server (“TOS”). (A TOS may be operated in connection with atelematics operation center (“TOC”), such as a call center, eitherstaffed with personnel, or an unstaffed computer system that operatesautomatically.) The TCU may receive operation/control messages that auser may generate with his, or her, smart phone, or other mobilecomputing device. A TCU may also report vehicle condition information toa UE or to a TOS/TOC. A vehicle manufacturer may, from time to time,provide updates to a TCU, or to a vehicle module using a long-rangewireless link, such as may be associated with an LTE data plan that isprovided for exclusive use of the manufacturer for communicating withthe TCU/vehicle. Alternatively, a TOS/TOC may, in the stead of avehicle's manufacturer, wirelessly provide updates to the vehicle orTCU. Examples of updates that a TOS/TOC may provide may include TCUsoftware reflashing/updating, ECU reflashing/updating, other vehiclemodule reflashing/updating, and the like. For purposes of discussion,communication with a TCU by a TOS/TOC or vehicle manufacturer may bereferred to as vehicle-oriented services, or vehicle service. Vehicleservices may be delivered via a TCU using a vehicle subscriber identitymodule (“SIM”) that has been installed into the TCU, or a vehicle SIMprofile, which may not require the presence of a physical SIM in theTCU. Charges for providing vehicle services through a vehicle SIM aspart of a telematics services subscription are typically included in asubscription amount.

In addition to receiving operational commands to operate a vehicle, orreflashing/updating from a vehicle manufacturer/TOC system, thelong-range wireless circuitry of the TCU may be used by a consumer towirelessly obtain personal consumer services that may not be related tooperation of the vehicle. Such consumer-oriented services may includeinternet browsing, audio or video streaming, voice call services, videoconferencing services, file downloading, and the like, and may bereferred to as consumer services. Consumer services may be delivered viaa TCU using a consumer subscriber identity module that has beeninstalled into the TCU, or a consumer SIM profile, which may not requirethe presence of a physical SIM in the TCU.

Occasionally, while a user is obtaining consumer services using aconsumer SIM, or consumer SIM profile in the TCU, a vehicle manufactureror a telematics services provider determines the need to schedule anupdate to the TCU or other vehicle modules, such as an update to a mapof a navigation system. To avoid using a currently-in-use connection tothe vehicle that was established according to a consumer SIM, the TCUmay, upon receiving a notification via connection over a secure tunnelestablished with the consumer SIM and the data purchased by theconsumer, determine whether to receive the vehicle services or whetherto postpone receiving of the vehicle services until predeterminedcondition is met, such as for example, the vehicle enters a key-offcondition.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a wireless network environment with a vehicle.

FIG. 2 illustrates a flow diagram of a method for deliveringvehicle-centric services.

FIG. 3 illustrates a schematic diagram of vehicle control unit switchingbetween SIM profiles to facilitate different data flows corresponding todifferent data categories.

DETAILED DESCRIPTION

As a preliminary matter, it will be readily understood by those personsskilled in the art that aspects described herein are susceptible ofbroad utility and application. Many methods, embodiments, andadaptations other than those herein described as well as manyvariations, modifications and equivalent arrangements, will be apparentfrom or reasonably suggested by the substance or scope of the aspectsdescribed herein.

Accordingly, while the present invention has been described herein indetail in relation to preferred embodiments, it is to be understood thatthis disclosure is only illustrative and exemplary of the presentinvention and is made merely for the purposes of providing a full andenabling disclosure of the invention. The following disclosure is notintended nor is to be construed to limit the present invention orotherwise exclude any such other embodiments, adaptations, variations,modifications and equivalent arrangements, the present invention beinglimited only by the claims appended hereto and the equivalents thereof.

Turning now to the figures. FIG. 1 illustrates a network environment 2that includes a vehicle 4. Vehicle 4 includes a control unit 6, forexample a telematics control unit (“TCU”). Control unit 6 maycommunicate wirelessly via a wireless link 8 with a radio access network(“RAN”) 10, which may be associated with a mobile network 12 thatprovides services to a user of vehicle 4. For example, a user of vehicle4 may have selected mobile network 12 (e.g., one of Verizon, AT&T,T-Mobile, Sprint, etc.) to provide wireless service to a personal userequipment (“UE”) device, such as a smart phone or a tablet of the user.Network 12 may be referred to herein as consumer services network, as aconsumer mobile network, or simply as a consumer network.

Typically, a user's personal device includes a subscriber identitymodule (“SIM”) that facilitates wireless electronic communicationbetween the personal device and network 12. A SIM may containinformation and circuitry on a physical SIM that may be removablyinstalled in a user device, wherein the information and circuitry may beused for authenticating a user device with a wireless mobile network.Instead of a physical SIM card installed in a user device, a user devicemay include SIM profile information that facilitates a processor of theuser device performing authentication procedures for authenticating theuser device with a wireless mobile network. Accordingly, control unit 6may include a physical SIM, or merely SIM profile information, for usein authenticating the control unit to a wireless mobile network.

Control unit 6 typically is configured for transmitting and receivingvehicle-centric data (which may be referred to herein as vehicle data orvehicle services) with a telematics back end central computer system 14of a telematics services provider (“TSP”). Typically, a TSP arrangeswith a particular wireless mobile network 16 (e.g., one of Verizon,AT&T, T-Mobile, Sprint, etc.) to securely transmit and receive vehicledata via a secure APN 18 of network 16. Secure tunnel 20 is shown as alogical data flow path between TSP back end 14 and control unit 6—itwill be appreciated that data of flow 20 typically flows through APN 18of network 16. For purposes of discussion, network 16 may be referred toherein as a vehicle services network, as a vehicle mobile network, orsimply as a vehicle network. Although typically considered as part ofvehicle 4, control unit 6 may be referred to herein as a UE because itincludes similar circuitry that performs many of the same functions as auser's personal smart phone or tablet UE.

Typically, a user of vehicle 4 receives consumer services with his, orher, UE from a content provider's central computer server 22 viaInternet 24. When a user's UE receives services during such activitiesas Internet browsing, file download, music or video streaming, etc.,such services typically flow through an APN 26 of consumer network 12.Typically, consumer services, which may be referred to herein as“consumer-oriented” services or “consumer-centric” services, includecontent of high volume (i.e., downloading a large file such as a highresolution image, audio file, or video file), and high bandwidth datapaths via a high bandwidth APN of the consumer network 12 are used toensure fast web browsing and low latency of content streaming. On theother hand, vehicle services, which may be referred to herein as“vehicle-oriented” services or “vehicle-centric” services, typicallyinclude updates to control unit 6, or other modules of vehicle 4.Updates to other modules may include downloading of map files for anavigation system or downloading of software files for the reprogramming(which may be referred to as reflashing) of various control modules invehicle 4, such as air bag modules, HVAC control modules, electric motorpower management and control, engine management, etc. Vehicle data maybe large, or high-volume, files, such as a navigation map update, orvehicle data/services may be relatively small data files such as arevision to an engine management program.

FIG. 1 also shows a management platform 28, which may be coupled toInternet 24 via APIs with a network component, such as an HSS, ofvehicle services mobile network 16. Typically, management platform 28 isoperated by an entity that has a relationship with the services providerthat operates backend 14; in some cases, management platform may in factperform the functionality of the services provider back end system 14.Accordingly, flow path 38 is shown between telematics services providerbackend central computer system 14 and management platform 28 toindicate cooperation between management platform 28 and TSP 14.Management platform 28 typically performs, or manages, initial setup ofone or more subscriptions of control unit 6 to network 16. Duringsetup/management of subscription profiles (i.e., associating SIMs, orSIM profiles, of device 6 with services subscriptions on network 16)management platform 28 may set up a secondary SIM profile (correspondingto a subscriber/user profile with services subscription on network 12,rather than a vehicle services profile) within a SIM of control unit 6.

It will be appreciated that flow paths 20 and 36, and 38 are shown forpurposes of discussion, and that wireless communication between controlunit 6 and internet 24, consumer network 12, or vehicle network 16physically occurs via wireless link 8. Furthermore, although wirelesslink 8 is shown between control unit 6 and consumer network 12, it willbe appreciated that the vehicle control unit may establish a wirelesslink with a network other than the vehicle network 16 or the consumernetwork 12 when vehicle 4, and thus control unit 6, is outside of acoverage area of a RAN that corresponds to the consumer network or thevehicle network. In addition, it will be appreciated that when operatingvehicle 4, a user may receive consumer services from provider 22 viahis, or her UE over consumer network 12, but a consumer SIM, or SIMprofile in control unit 6 may actually facilitate the providing of theconsumer services via wireless link 8 with the user's UE, which may bein wireless communication with the control unit via a short rangewireless link, such as for example, via a Wi-Fi hotspot signal, or via aBluetooth signal. In such a scenario, a consumer SIM, or SIM profile, ofcontrol unit 6 would have authenticated with consumer network 12 and theuser's UE would operate essentially as a wirelessly-connected peripheralto the control unit. (Such as via remote SIM Access Protocol.)

Turning now to FIG. 2 , the figure illustrates a flow diagram of amethod 200 for determining a SIM profile in a vehicle's mobile vehicledevice to use for a given data flow to the wireless communicationdevice, which may be referred to as a vehicle computer device. Method200 begins at step 205. At step 207, a management platform pushes, orforwards, a consumer-centric SIM profile, or consumer-centricsubscription information, to the vehicle computer device/vehicle controldevice 6 shown in FIG. 1 . At step 210, a management platform transmits,or ‘pushes,’ a preferred local mobile network list (“PLMN”) to thevehicle device. The PLMN list provides information for determining anetwork for a consumer-centric SIM profile in the vehicle computerdevice to use for consumer-centric high volume, high bandwidth services.The PLMN list causes TCU 6 to use the consumer-centric SIM profile tooperate on networks as defined by, or authorized by, a network to whicha consumer establishes, or has established, a subscription for obtainingconsumer-centric services (i.e., high volume/high bandwidth services).For example, the PLMN list may include information such as a mobilecountry code (“MCC”) and a mobile network code (“MNC”) for the consumerSIM profile in vehicle computer device 6 to use for determining anetwork endpoint for sending and receiving consumer-centric servicesdata. The MCC and MNC also compose an International Mobile SubscriberIdentity (“IMSI”), which typically includes a number unique to the SIMcard/profile. The MNC and MCC in a consumer SIM correspond to a networkthat a user has chosen as his, or her, preferred network, for exampleconsumer network 12 shown in FIG. 1 , for use by his, or her, consumerdevice, or devices. Similarly, a vehicle SIM/profile in vehicle wirelesscommunication device 6 typically includes a SIM having an IMSI thatcorresponds to vehicle network 16. A user of vehicle 4, associated withvehicle wireless communication device 6 may from time-to-time changehis, or her, preferred network carrier for providing of consumer-centricservices, which change would typically result in a different IMSI beingpushed to the vehicle wireless communication device by managementplatform 28. The PLMN lists in a predetermined order wireless mobilenetworks that have been authorized, approved, or otherwise permitted foruse according to the predetermined order by the vehicle device 6 forconsumer-centric services when a vehicle associated with the vehicledevice is not located within a coverage area of a user's base, or home,mobile network.

At step 215, a vehicle manufacturer, a telematics services provider, amap data provider, or a traffic data/information provider, etc.,determines that an update to information stored in a user's vehicle isneeded. For example, a vehicle manufacturer may determine the need towirelessly download to the vehicle an update to the vehicle's enginemanagement software. Or, a map provider may have a map file for a givenarea that has been revised, or for an area that the vehicle has neverbeen in before, that needs to be downloaded to the vehicle based on thecurrent location of the vehicle. For purposes of discussion, a TSP maybe referred to as the system or the entity that determines that a needexists to download information/data to a vehicle computer device, butany other entity may determine a need to download, or push, informationto a vehicle and such other entity/system is contemplated when referenceis made herein to a TSP determining the need to download information(i.e., vehicle-centric services) to a vehicle.

At step 220, the TSP transmits a pending download notification message(“notice”) to the vehicle computer device, which receives the notice atstep 225.

At step 230, the vehicle computer device determines, based oninformation contained in the notice, whether the pending download is alarge file, contains a large volume of information, or requires veryhigh security, such as would be the case for a firmware update to avehicle's ECM. Such a volume/security determination may be made based oncomparing a pending download file's size to a predetermined criterion.For example, if the file size to be downloaded is less than apredetermined high-volume threshold, the pending download may be deemedas not being a large pending download. In an aspect, the determinationof volume at step 230 may be based on type of file, or type ofinformation. For example, if the pending download file is a map, thevehicle wireless communication/computer device/control unit maydetermine that the file is likely large because it is a map file, evenif an actual evaluation of the size of the file to be downloaded is notmade, or if the size of the file to be downloaded is not provided in thenotice.

If the pending download is deemed as not requiring very high security oris not large (which may be referred to herein as small) at step 230,method 200 advances to step 235. At step 235, the vehicle computerdevice uses a consumer SIM/profile to download the small file. Suchdownloading of a small file may occur even if a consumer is using his,or her, consumer SIM for consumer services, such as videostream—downloading of a small file is not likely to negatively impactdelivery of consumer services, nor is it likely to significantly andnegatively impact a monthly subscription data limit that the consumermay have for his, or her, data plan. After downloading using theconsumer SIM at step 235, method 200 ends at step 255.

Returning to description of step 230, if the vehicle computer devicedetermines that the pending download requires very high security, is alarge file, or a large volume of data, method 200 advances to step 240.At step 240, the vehicle computer device determines whether the pendingdownload is a critical download. For example, if the large pendingdownload includes a map for an area that vehicle has never been before,or if map information has been revised for the area in which the vehicleis currently located as compared to map information that is currentlystored in a navigation device or system associated with the vehicle, thevehicle computer device may deem the download as a critical download.

If a download is deemed critical at step 240, a determination may bemade at step 242 whether the critical download is permitted to occur viathe consumer-centric SIM, or consumer centric SIM profile. For example,if the consumer/user/driver/vehicle owner has configured the vehiclecontrol unit to use his, or her, consumer SIM (and correspondingsubscribed-to data plan data allotment) for downloading critical largevehicle-centric downloads while he, or she, is using the consumer SIMfor consumer services data, the consumer services data flow may besuspended while the critical vehicle centric services are downloadedaccording to the consumer SIM profile at step 235 before method 200 endsat step 255.

In a more likely scenario, if a determination is made at step 242 thatthe consumer SIM profile has not been permitted for use is downloadinglarge vehicle-centric data, a consumer-centric data flow session thatmay be currently used for obtaining consumer-centric services accordingto a consumer SIM, or consumer SIM profile, may be suspended and avehicle-centric data flow may be established with the vehicle servicesSIM, or profile, for obtaining the large critical update at step 250before method 200 ends at step 255.

Returning to description of step 240, if the vehicle computer devicedetermines at step 240 that the large pending file to be downloaded isnot a critical file, method 200 advances to step 245. At step 245, thevehicle computer device determines whether a trigger signal/message,corresponding to the occurrence of a trigger event, has been received.An example of a trigger event may be that the vehicle engine has beenturned off, which event may be referred to as “key off.” A trigger eventmay the changing from a current operational state of a vehicle (i.e.,the vehicle engine is running or a user is downloading consumer-centricservices data) to a changed operational state (i.e., key off or thetermination of consumer-centric services). The trigger event may bereferred to as a changed operational state and a message indicating thatthe trigger event has occurred may be referred to as a changedoperational state message. If the trigger event has not occurred, thevehicle control unit computer device transmits a message to the TSPbackend indicating that a data flow established according to theconsumer SIM/profile is currently in use and that the download file ordata should be buffered/stored until the vehicle control unit transmitsa message that the trigger event has occurred, and the vehicle controlunit continues checking to determine whether the trigger event hasoccurred at step 245. When a trigger signal/message is received, orindicated, method 200 advances to step 250. At step 250, the vehiclecomputer device downloads the pending download according to a vehicleSIM/profile, and ends at step 255 after the download has completed.

Downloading after key off provides an advantage for scenarios where avehicle computer device has one set of long-range wireless radioreceiver circuitry. Or, if no UE device is attached to the vehiclecomputer device via Wi-Fi for streaming of audio or video content (i.e.,no consumer services are being used), the vehicle computer device mayoperate using the vehicle SIM profile to service a request forvehicle-centric services, even if the vehicle is operating. Theconsumer-centric SIM profile can be selected at times of customer demand(i.e., when a user decides to stream audio or video content to his orher UE via Wi-Fi from the vehicle computer device.

If a vehicle computer device has more than one set of receive circuitry,the device may download two different services/data flows simultaneouslyusing two different SIMs/profiles. By waiting until key off occurs todownload large updates, instead of during a consumer's data servicessession while he, or she, may be driving or otherwise using his or hervehicle, the large file download does not negatively impact delivery ofthe consumer services nor does it negatively impact any data-use chargesthe user might be responsible for if a consumer SIM/profile in thevehicle computer device was used for the large download, for which datause according to the consumer SIM/profile a user typically isfinancially responsible.

It will be appreciated that the notice described in reference to step220 may be delivered over a secure tunnel, such as a virtual privatenetwork (“VPN”) tunnel or Transmission Layer Security (“TLS”) connectedapplication between a vehicle services provider's back end computersystem and the control unit of a vehicle using the consumer-centric SIMprofile information, but actual vehicle services data, such as a reflashof a vehicles engine management software, may occur over a secureconnection that is established between the vehicle services provider'sback end system and the vehicle control unit using the vehicle-centricSIM profile.

Turning now to FIG. 3 , a schematic diagram illustrates vehicle controlunit 6 that is currently receiving consumer services via the solid lineof flow path 36 from consumer APN 26 of network 12. The consumerservices flow of flow path 36 is shown as a heavy line to indicate thatconsumer services are often, if not typically, high volume data flowsthat utilize high-bandwidth resources of a network. Control unit 6includes processor 40, that controls, or routes data flows received viaflow path 36 from consumer APN 26 to the control unit according toconsumer SIM/profile 42B. Processor 40 is illustrated in the figure as amechanical switch, but it will be appreciated that the switch iconrepresents a function that processor 40 may perform, and isn't meant tolimit the processor to being a mechanical switch.

While receiving consumer services via the heavy line of flow path 36, anotice from TSP back end computer system 14 may transmit a notice tocontrol unit 6 indicating that the control unit needs to download, orreceive, vehicle-centric services data. The notice is shown as a brokenline flowing through consumer APN 26 to processor 40 to illustrate thatthe notice is a separate service/data flow from the consumer servicesdata flow that is shown as a heavy line in the figure, but that thenotice flows over the same physical connection to control unit 6 as theconsumer services data flow, but using a different logical connection.The vehicle service/data flow is separated from the consumerservice/data flow by being preferably (but not necessarily) inside of asecure tunnel such as a VPN or TLS application connection.

When control unit 6 receives the notice, processor 40 may determine thatit needs to facilitate downloading of the data referred to in thenotice. Processor 40 may determine that it needs to perform the downloadreferred to in the notice according to steps of method 200 discussed inreference to FIG. 2 above. As discussed in reference to FIG. 2 ,processor 40 may determine, or be informed in the notice, that thedownload is critical, and should be downloaded even if a consumer iscurrently receiving consumer services via data flow 36. Or, processor 40may determine that a trigger event has occurred, such as a key offcondition of the vehicle, and that download of the vehicle-centric datareferred to in the notice may commence. As described above, download ofvehicle-centric data, especially if high volume (i.e., a large softwarefile, a large data file, or updated map information) preferably does notflow through a consumer data connection enabled by SIM 42B. An exampleof vehicle centric data services that do not comprise a large amount ofdata includes an operating system software update to an ECM, TCU, orother module of the vehicle.

Rather, vehicle-centric service data flows preferably flow to controlunit 6 according to a data flow session established according to vehicleSIM/profile 42A. Thus, when control unit 6 determines thatvehicle-centric services may commence, processor 40 directs theauthentication and set-up of secure connection 20 to vehicle APN ofvehicle network 16, which vehicle APN has been established in thevehicle network as dedicated to facilitate secure vehicle-centriccommunications with a plurality of vehicle control units, such asvehicle control unit 6 shown referred to in the figures. The figureshows the switch icon rotating in direction 44 to illustrate thatincoming data flow tunnel 20 is established according to vehicle SIM 42Ainstead of consumer SIM 42B. Secure connection 20 may be a TLS encryptedtunnel, a VPN tunnel, or other type of secure connection using thevehicle VPN. It will be appreciated that determining when to switch froma secure tunnel that has been established according to consumer SIM 42Bto a secure connection that is established according to vehicle SIM 42Aadvantageously allows use of one or more SIM profiles in control unit 6to receive different services corresponding to respective ones of theplurality of SIM profiles when control unit 6 only has one set of radioreceiver circuitry (i.e., one RF front end and one set of filters,etc.). Thus, although data flow/connection 36 and data flow/connection20 are shown entering control unit 6 from consumer APN 26 and vehicleAPN 18, respectively, it will be appreciated that both dataflows/connections are physically received through the same RF receivercircuitry.

What is claimed is:
 1. A method, comprising: establishing, with a vehicle wireless communication device, a connection over a consumer-centric wireless communication network that corresponds to a consumer-centric Subscriber Identity Module (“SIM”) profile in the vehicle communication device using information of the consumer-centric SIM profile that is unique to the consumer-centric SIM profile; receiving, with the vehicle wireless communication device, a download notification via the connection over the consumer-centric wireless communication network using the consumer-centric SIM profile that vehicle-centric services data are to be downloaded; establishing, with the vehicle wireless communication device, a connection over a vehicle-centric wireless communication network that corresponds to a vehicle-centric SIM profile in the vehicle communication device using information of the vehicle-centric SIM profile that is unique to the vehicle-centric SIM profile; and downloading the vehicle centric data using the vehicle-centric SIM profile; wherein the download notification is received via the connection over the consumer-centric wireless communication network using the consumer-centric SIM profile through an encrypted tunnel and wherein the vehicle-centric services data are downloaded via the connection over the vehicle-centric wireless communication network using the consumer-centric SIM profile through an encrypted tunnel that is not the same encrypted tunnel through which the download notification was received.
 2. The method of claim 1 further comprising: determining with the vehicle communication device one of a data size or a security level associated with the vehicle-centric services data that are to be downloaded based on content included in the download notification; determining with the vehicle communication device that the vehicle-centric services data may be downloaded during a current operational state of the vehicle.
 3. The method of claim 2 wherein the current operational state of the vehicle is key-on.
 4. The method of claim 2 wherein the data size of the vehicle centric services data to be downloaded satisfies a predetermined criterion.
 5. The method of claim 4 wherein the current operational state of the vehicle is key-off.
 6. The method of claim 2 wherein the security level is determined based on a nature of the vehicle-centric services data to be downloaded being one or more firmware updates to an engine control module of a vehicle that includes the vehicle communication device. 